If I have seen farther it is by standing on the shoulders of giants
Sir Isaac Newton, 1676

If the phrase “open innovation” has a familiar ring, that’s not surprising. It’s not only a popular buzz phrase, but it has the type of virtuous ring to it that instinctively inspires a favorable reaction. But like most simple phrases, it intrigues rather than enlightens. For example, is open innovation feasible in all areas of creative, commercial and scientific endeavor? If so, do the rules, challenges and rewards differ from discipline to discipline, and if it’s not universally feasible, why not?

Perhaps the most important term in any standards organization’s Intellectual Property Rights (IPR) policy is the acronym “RAND,” standing for “reasonable and non-discriminatory” (in Europe, they add an “F” – for “fair” – at the front end, yielding “FRAND,” but the meaning is the same). Virtually every other term in such a policy will appear in one of many variations from policy to policy, and these definitions can be quite lengthy and precise. But the definition of F/RAND is always word for word the same – never is a different term used, nor is any additional elaboration provided to explain exactly what “fair” or “reasonable” are intended to mean.

The result is that when two parties – the owner of a patent claim that an implementer of a standard can’t avoid infringing (an “Essential Claim”) and a party that wants to implement the standard – can’t agree on what the boundaries of these words should be, a third party is needed to settle the dispute.

It would be convenient and consoling to pretend that what I’ve described over the last several days is simple science fiction. But sad to say, the only thing that is doubtful about the scenario I have described is that it might be difficult for the perpetrator to build a thousand drones without Western espionage becoming aware of the plan.

But would that really be so hard? Many countries are building drones now; the technology is not complex. Indeed, Germany launched V-1 drones against Britain more than seventy years ago. With GPS today, building and guiding sufficiently reliable drones of the primitive type needed to stage the attack I have described is within the technical ability of every nation that could be imagined to be an enemy. And there are plenty of old ships to go around.

When the New Year’s Day sun rose in Europe and the United States, the reality of what had happened was hidden to almost all. Only a hundred or so targets had been struck, and the smoke from the ruins that remained was already dissipating. What people did immediately realize was that certain things that they were used to working now did not.

The things that no longer functioned included anything that relied on electricity to operate. Which was, of course, virtually everything except automobiles. This was necessarily the case, because all of the elements that coordinated and controlled the power grid had been destroyed. Even many battery powered devices were silent – the cell phones had no dial tones, and the radios generated only static, because the management software and servers that enabled telecommunications had also been annihilated. Perhaps most discomfiting of all, there was no Internet, nor any of the services that relied upon the Internet.

As the sun set on New Year’s Eve, 2022, a dozen anonymous container ships were approaching major ports in the United States and Europe. Like many carriers nearing the end of their useful life, their histories were mongrel in nature; originally owned by major shipping magnates in Greece, they had passed through multiple hands and were now flagged in Senegal, and chartered by a concern in Amsterdam. Three years ago each had been subchartered by one of several much smaller companies with offices in many out of the way places.

The terms of each charter contract made the company responsible for the upkeep of the ships it had leased, and in due course over the first year of the engagements each ship had undergone repairs in small ship yards in the Indian Ocean and in Southeast Asia before returning to ply its trade in the various shipping lanes of the world.

This is the first part of a four-day series I will post this week highlighting an astonishingly neglected area of cyber-vulnerability. I will be presenting it tomorrow (remotely) at the Jules Verne Corner segment of the ITU's meetings this week in Kyoto, Japan.

There appears to be consensus in many quarters today that migrating to the Cloud is highly desirable – indeed, that we have already embarked upon an irresistible and indeed inexorable migration. Multinational IT vendors view this transition as the next great market opportunity; governments see in it an opportunity to finally rationalize their Byzantine legacy systems without incurring massive up front capital costs; and enterprise users find the value proposition increasingly compelling as their systems become more complex, expensive and difficult to maintain.

Meanwhile, the data, records, pictures and social relations of individuals (often without their pausing to think about it) move with the tap of a key from hard drives and backup devices under the supervision of their owners to who knows where, owned by who knows who, and vulnerable to who knows what?

On Tuesday, OASIS made an extremely rare announcement for an information technology consortium: that it has successfully completed the process of becoming accredited by the American National Standards Institute (ANSI). As a result, it is now able to submit its standards to ANSI for recognition as American National Standards (ANS), and also to submit its standards directly for adoption by ISO and IEC. This is a milestone that’s worthy of note, despite the fact that over 200 standards setting organizations (SSOs) have achieved a similar status in the past.

From time to time over the past year I’ve noted that events in the real world involving North Korea have been closely tracking the plot of my book, The Alexandria Project. Among other events, North Korea has successfully launched a three stage rocket and threatened to use it to strike the U.S.; analysts have begun to speculate that the surprisingly low-yield nuclear weapons the North has tested may not be poor performing designs, but instead small devices purpose-built for missile launch against America. Just yesterday, the U.S. sent a pair of nuclear weapons-capable stealth bombers over South Korea, the same delivery means contemplated in my book.

Okay. Most of that could be attributed simply to the fact that I did my research well, and that others might make the same speculations based on past events that I did in developing my plot. But this morning’s news included a story that makes me seriously wonder whether my book has crossed the divide from predicting events to acting as a “how to” manual for real-world, state-supported cyber attackers.

North Korea threatened to launch a preemptive nuclear strike on its “aggressors,” including the U.S., ahead of a United Nations vote on tougher sanctions against the totalitarian state for last month’s atomic test. - Bloomberg News, March 7, 2013

“Do not underestimate the military, my friend. You must leave this in my charge and trust that it will be as I have promised. As soon as the missiles are ready, they will be fired. Approximately twenty minutes later, Washington and another city that will surprise you will be destroyed. There will be utter chaos in the enemy’s ranks, and in that chaos, I will give the order for our troops to attack across the border. Seoul will be ours before nightfall.”

Our story so far: Our hero, Frank Adversego, now understands where the name "Alexandria Project" comes from, but hasn't been able to figure out much else yet about the mysterious cracker whose exploit threatens the Library of Congress. Read the first chapters here.

Frank fidgeted next to the cheese and crackers, looking helplessly for his daughter in the crowd. He hated social events with a passion, and especially having to speak to people he didn’t know. He was sure that every sentence he uttered came across as a brainless non-sequitur.

But fair was fair. Marla was finishing up an internship with a local high tech company, and at the last minute, her date had come down with the flu. She had kept him company at the Library of Congress holiday party the weekend before, and this time it was his turn.

“Please, Dad,” she’d said over the phone, “There’s this guy at work that’s been hitting on me all week. It’ll do you good to get out of your crummy apartment, and how can you turn down a request to protect your little girl?”

ABOUT THE STANDARDS BLOG

There are over 1,000,000 supported standards, with more being developed all the time. The Standards Blog examines how standards are developed, and their impact on business, society, and the future. This site is hosted by Gesmer Updegrove LLP, a technology law firm based in Boston, Massachusetts, USA. GU is an internationally recognized leader in creating and representing the organizations that create and promote standards and open source software. The opinions expressed in The Standards Blog are those of Andy Updegrove alone, and not necessarily those of GU. Please see the Terms of Use and Privacy Policy for this site, which appear here.

Quote of the Day

“Open standards are simply better for developers”

-Professor William Webb, CEO of the Weightless SIG, announcing the SIG's first standard

Latest News

OMB developing cyber guidance for contractors
Sean Lyngaas, FCW, July 31, 2015 - The Office of Management and Budget is drafting guidelines intended to bolster the cybersecurity of contractors in the aftermath of damaging compromises of federal information via third-party vendors.
The draft guidance will be published at CIO.gov, according to a Federal Register notice. “The increase in threats facing federal information systems demand that certain issues regarding security of information on these systems is clearly, effectively and consistently addressed in federal contracts,” the notice stated....

Trade groups tell Congress to keep its hands off IoT
Grant Gross, IDG, July 31, 2015 - The U.S. Congress should take a hands-off approach toward the burgeoning Internet of Things industry and let vendors figure out how to deal with privacy and security issues, representatives of four trade groups said.
The IoT industry offers great potential for growth and for innovative new products, but that growth “requires government restraint,” Gary Shapiro, president and CEO of the Consumer Electronics Association, told lawmakers Wednesday.
Government has a role in an ongoing debate about issues such as who owns the data moving over the IoT, but decisions about security and privacy should be driven by vendors, Shapiro told the Internet subcommittee of the House of Representatives Judiciary Committee. “It’s up to manufacturers and service providers to make good decisions about privacy and security, or they will fail in the marketplace,” he added....

Open Source Is Going Even More Open—Because It Has To
Klint Finley, Wired, July 30, 2015 - Google often gives its software away for free. It has long believed in open source software.
But last week, the company took this idea to the next level. It gave away all rights to Kubernetes, a cloud computing system originally designed by Google engineers, asking a non-profit to manage its development. It didn’t just share some software code with the world. It agreed to let an independent party oversee the development of the code.
Dubbed the Cloud Native Computing Foundation, the organization is just the latest in a series of high profile new foundations now stewarding open source projects created by large tech companies. In the past year, we’ve also seen the launch of the Cloud Foundry Foundation to govern a project originally released by VMware, the establishment of the Node.js Foundation, thanks to cloud services company Joyent, and the founding of the Open Container Initiative, thanks to several different companies, most notably Docker and CoreOS. All four of these new organizations are under the umbrella of the Linux Foundation, the organization originally founded to manage the Linux Kernel, the core of all Linux operating systems....

International Standards Organizations Issue Updated Guidelines for Common Patent Policy Implementation
ANSI Weekly News, July 29, 2015 - World Standards Cooperation (WSC) partners the International Electrotechnical Commission (IEC), the International Organization for Standardization (ISO), and the International Telecommunication Union (ITU) have issued updated guidelines for implementation of the Common Patent Policy for ITU-T/ITU-R/ISO/IEC intended to address patented technology in international standards.... The WSC organizations instituted the patent policy in 2007, with the goal of promoting greater awareness and practical guidance for participants of technical bodies in the case that patent matters arise. The policy encourages early disclosure and identification of patents that may relate to standards under development, as greater transparency promotes efficiency and helps avoid potential patent right issues in standards development.... As part of this implementation, ISO, IEC, and ITU jointly adopted Guidelines for the Implementation of the Common Patent Policy and a Patent Statement and License Declaration Form to support implementation of the patent policy. Additionally, the WSC organizations each maintain an online patent information database intended to facilitate the standards-setting process....

ANSI and Mexican Accreditation Body Sign MoU, Strengthening Collaboration for Global Climate Action
ANSI Weekly News, July 28, 2015 - The American National Standards Institute (ANSI) and the Entidad Mexicana de Acreditacion, AC (EMA, Mexico) have signed a Memorandum of Understanding (MoU) pledging to mutually work together to harmonize their accreditation processes for greenhouse gas (GHG) programs. This agreement will enable each accreditation body to provide the validation and verification bodies operating in both countries greater flexibility, consistency, and value. The signing is a response to the July Climate Summit of the Americas conference, hosted by the Government of Ontario, Canada, which set out to foster and strengthen partnerships among jurisdictions for global climate action and build motivation and support for carbon pricing.
The signing will ultimately help bolster a spectrum of GHG programs and other businesses that rely on accreditation to operate with optimum efficiency in their efforts to reduce greenhouse gas emissions. Since 2008, ANSI has offered an accreditation program for organizations providing third-party validation/verification services for the reduction and removal of greenhouse gases. The ANSI Accreditation Program for Greenhouse Gas Validation/Verification Bodies operates according to requirements defined in the International Organization for Standardization (ISO) standard ISO 14065:2013, Greenhouse gases - Requirements for greenhouse gas validation and verification bodies for use in accreditation or other forms of recognition.
EMA, the Mexican accreditation body, is Mexico’s first non-government body for the accreditation of conformity assessment bodies, which comprise testing laboratories, calibration laboratories, clinical laboratories, inspection bodies and certification bodies, proficiency testing providers, and GHG emission verification/validation bodies. Since 2010, EMA has offered an accreditation program for third-party validation/verification of greenhouse gases in the Mexican market....
ANSI and EMA are both members of the International Accreditation Forum (IAF) and PAC, and operate ISO 14065 accreditation programs.

Tech Giants Boost Open Source Container Collaboration
Jack M. Germain, LinuxInsider, July 27, 2015 - The Linux Foundation this week announced the formation of the Cloud Native Computing Foundation, a consortium dedicated to developing a new set of common container technologies and driving their adoption.
CNCF aims to make it easier for businesses to build and deploy containerized cloud applications oriented to microservices. The goal is to develop cloud-native applications that allow Internet companies to make scaling their businesses more practical.
The group's founders -- more than two dozen major technology companies -- include AT&T, Box, Cisco, Docker, eBay, Goldman Sachs, Google, Huawei, IBM, Intel, Red Hat, Twitter and VMware. Additional members will join the group in the coming weeks.... The announcement of the new technology foundation comes on the heels of another major Linux Foundation-sponsored group. CoreOS and Docker last month announced the formation of the Open Container Project, a nonprofit coalition of 21 industry leaders aiming to establish minimal common standards for cloud storage software containers.
Many of the companies banding together in OCP also signed on to found CNCF.... Open source container-packaged applications are important, Messina emphasized. They give organizations moving from building monolithic applications to a distributed application a way to separate applications from the constraints of the infrastructure.

Updegrove, The Lafayette Campaign (Book Review)
Brenda Jubin, ValueWalk, July 27, 2015 - ...Andrew Updegrove, author of The Alexandria Project, is back with another Frank Adversego cyber-thriller, The Lafayette Campaign: A Tale of Deception and Elections. If you (well, only if you're a Republican) think that the worst case scenario is that Donald Trump decides the next presidential election, assuming that he runs as a third-party candidate, think again. Elections can be tipped or determined not only by third-party candidates (Ralph Nader is often said to have been the spoiler in 2000) and Supreme Court decisions but also by hackers.
The more electronic elections become, the more hackable they are. Competing rogue forces can devote funds and skills to shaping their outcome. Indeed, just think about it. Why give millions of dollars to PACs, money which is often wasted, when you can fund a bunch of hackers? The Chicago “vote early and often” pols and the RNC Watergate crew worked in the pre-digital era. Today their exploits seem laughably primitive. Elections can be stolen much more elegantly with a few lines of code.
The Lafayette Campaign is a fast-paced thriller that takes the reader through the machinations of election cyber-fraud. A perfect beach book.

Apple and Samsung may help make the SIM card disappear
Jacob Kastrenakes, The Verge, July 25, 2015 - The SIM card as we know it may be about to disappear. According to the Financial Times, Apple and Samsung are in discussions with mobile carriers to help develop and implement a new SIM card standard that could make it easier to switch between service providers. The report refers to the new standard as an embedded SIM — or an e-SIM — which would remain inside the phone and give consumers the ability to switch carriers without getting a new card, rather than locking them into a specific carrier, as they do now. That means no more swapping SIMs to switch phones or carriers; it would all be done through an interface on the device.... The GSM Association, an industry group that represents mobile operators, tells the Financial Times that "the majority of operators" are on board with the shift over to e-SIM. That reportedly includes AT&T, T-Mobile owner Deutsche Telekom, Vodafone, Telefonica, and Orange, as well as other international carriers. The association confirmed Apple and Samsung's participation in developing the new standard, but the companies' involvement may not yet be final. The association says of Apple: "While we are optimistic, a formal agreement with them is still in progress."...

Energy commission looks to strengthen grid’s cyber security
Judy Greenwald, Business Insurance, July 24, 2015 - The Federal Energy Regulatory Commission is proposing rules intended to improve the nationwide electric system’s cyber security.
FERC said in a statement last week that it is seeking comment on seven updated critical infrastructure protection reliability standards proposed by the North American Electric Reliability Corp., an Atlanta-based industry group.
The standards are intended to address risks to communication networks and related bulk electric system assets, as well as the development of standards for supply chain management security controls to protect the bulk electric system from system vulnerabilities and malware threats, FERC said in its statement....

Open Document Format (ODF) 1.2 published as International Standard 26300:2015 by ISO/IEC
Italo Vignoli, The Document Foundation, July 23, 2015 - The Open Document Format for Office Applications (ODF) Version 1.2, the native file format of LibreOffice and many other applications, has been published as International Standard 26300:2015 by ISO/IEC. ODF defines a technical schema for office documents including text documents, spreadsheets, charts and graphical documents like drawings or presentations.... ODF is developed by the OASIS consortium. The current version of the standard was published in 2011, and then was submitted to ISO/IEC in 2014....